Hi,
I know that this is maybe a little bit off-topic, but I assume that most people on this list are used to compile PHP just for testing purposes.
I am currently planning to write a paper about the memory_limit security bug that was announced last month. Actually the paper will explain in detail what the bug is and how it can be exploited to execute arbitrary code.
The paper itself will be written because a few people requested it, a lot of media reported it as a buffer overflow (which is completely wrong) and just because I need some training in writing papers for university.
So if anyone here would like to support me writing this paper just grab a copy of http://security.e-matters.de/mlxdebug.tgz
This package has some special patches in it (for PHP 4.3.2-4.3.7) that write debug output for every emalloc/efree/erealloc and php_register_variable_ex call into a file within /tmp.
The package includes a description how the test works. It basicly consists of compiling PHP on your normal platform: f.e. OpenBSD Apache2 CGI. You should just add --enable-memory-limit to your standard configure line and turn register_globals on. The rest is all explained in the package.
Stefan Esser
PS: those debug files would help me a lot to proof that a few things are easier than one thinks.
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
